Baltimore to release SelectAccess 5.0 with SAML

Baltimore Technologies PLC will announce version 5.0 of its SelectAccess Web access management product on Monday, a release that includes easier configuration, better reporting and support for the SAML (Security Assertions Mark-Up Language) standard.

The addition of SAML to the product is perhaps the most important new feature in version 5.0. SAML is an emerging Web standard that should allow different Web access management products to interoperate and exchange security, authentication and permission information about users.

SelectAccess manages authentication of users and their access to resources and data by making use of SelectAccess components on Web and application servers and by hooking in to directories, said Joyce Fai, vice president of the authentication solutions group at the Dublin company. When a user requests access to data or resources, that request is intercepted by the SelectAccess components residing on the Web or application server and forwarded on to the SelectAccess server, which then checks the user's permissions and access level in a directory, she said. If the user is entitled to the resources requested, they are granted access.

Version 5.0 of SelectAccess simplifies the process of adding new users and components to a system, allows user information to be drawn from different directories simultaneously, offers deeper reporting and alerting options and adds support for the authentication of wireless users, she said.

The new version of the software allows administrators to more easily and quickly deploy new SelectAccess components by storing configuration details in an LDAP (Lightweight Directory Access Protocol) directory, she said. That configuration data can then be automatically applied to new components -- such as servers and directories -- as they are added to a network, speeding installation of the new component. The new feature also cuts down on the time needed to upgrade configurations, as the new configuration can be created once and then published to all affected components, she said.

SelectAccess 5.0 also allows information about users and policies to be extracted from different LDAP directories at the same time, according to Fai. This feature is needed as companies may use separate directories for different groups of users, she said.

The new software also offers administrators more detailed and searchable reports, allowing them to be viewed by date, server, user, administrator and other criteria, she said.

Administrators can also be notified of events in SelectAccess in more ways in version 5.0, with SNMP (Simple Network Management Protocol) and pager forwarding options, Fai said. Alerts can also be sent to trigger other events, rather than immediately alerting an administrator.

Users of WAP (Wireless Application Protocol) devices are also supported in SelectAccess 5.0, she said.

Another new protocol supported by the software is SAML, an emerging standard for Web access management products that will allow authentication and access control data to be handed off among Web access management products, she said. SAML support will help SelectAccess users extend Web single-sign-on capabilities beyond their corporate boundaries to partners who may not be using the same Web access management software, she said.

The inclusion of SAML in SelectAccess 5.0 is important, but is just a first step is creating effective interoperability between applications, said James Kobielus, senior analyst with Burton Group. SAML is still in its draft stage, though version 1.0, which Baltimore is using, will be ratified over the summer, he said.

Despite the impending ratification, other details still need to be worked out among Web access management vendors. Those include how the data about access control will be described, he said. As as result, initial SAML deployments are likely to offer only a single sign-on to a variety of Web resources, rather than the full capability of the standard, he said.

Though Baltimore is the first company to ship a product that integrates the SAML 1.0 standard, "standards compliance does not equal interoperability," Kobielus said. The degree of standards compliance and the other outstanding details will determine that to some degree, he said. As a result, the rollout of more SAML-based Web access management software products "isn't going to be glitch-free," he said.

Because Baltimore is the first company to ship such a product, "they don't have anyone to interoperate with yet," he said. Nonetheless, most major vendors in the market are working on implementing SAML and eventually will offer it, he said.

Doing so will be crucial, he said.

The Web access management market has had strong growth in recent years and "in order to keep the growth, they need to collectively address the need for their products to work together," he said.

Though she does not need the SAML features of version 5.0, Kimberly Vertucci, manager of engineering operations at CommWorks Corp., is happy with the software.

Vertucci's group supports about 500 users in the company's research and development department and uses SelectAccess to ensure that only members of that department will have access to the roughly 30 internal Web sites created by the group, she said. The Web sites include sensitive product information, quality assurance information and even code that the department has to be sure isn't accessed by other parts of the company until it is released to them, she said.

CommWorks, which is a part of 3Com Corp. and based in Rolling Meadows, Illinois, has been using SelectAccess since the beginning of the month, Vertucci said. The company chose the product due to its ability to delegate administration of user accounts, its reporting and alerting features and its ease of installation, she said.

Baltimore SelectAccess 5.0 starts at US$20 per user and will be available worldwide on April 29.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.